Method and apparatus for continuous compliance assessment

Method and apparatus for continuous compliance assessment
US10013420

In various embodiments, a compliance server receives change data associated with a change captured on a target host. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Also, in various embodiments, the compliance server may determine whether the one or more rules, settings, and/or parameters meet one or more compliance policies and generate one or more test results based at least on the results of the determining. Further, in some embodiments, the target host may detect a change to a rule, setting, and/or parameter based on a collection policy defining what change data is to be collected by the target host and provide data associated with the rule, setting, and/or parameter as change data to the compliance server.

PTO Wrapper PDF
Dossier Espace Google

Patent 10013420
Priority Jul 03 2008
Filed Dec 15 2014
Issued Jul 03 2018
Expiry Jul 03 2028 TERM.DISCL.
Inventors DiFalco, R…
Assg.orig TRIPWIRE, …
Assg.curr Tripwire, …
Entity Large
Referenced by 4
References 158
Maint.: currently ok

CROSS REFERENCE TO R…
TECHNICAL FIELD
BACKGROUND
BRIEF DESCRIPTION OF…
DETAILED DESCRIPTION…

19. A method comprising:

monitoring a change database to detect whether any new change data has been received from target hosts;

upon detecting the new change data in the change database, notifying logic of a server of the new change data, the new change data being associated with a change detected at a target host, wherein the new change data includes data identifying the target host and data identifying a change to a registry setting or configuration parameter at the target host;

determining, by the server, whether the change to the registry setting or configuration parameter meets one or more compliance policies;

generating, by the server, one or more test results based at least on the results of the determining; and

when the change to the registry setting or configuration parameter does not meet the one or more compliance policies, generating appropriate element data for the target host to place the target host into compliance with the one or more compliance policies, wherein the new change data includes a rule that generated the change, an identification of the target host from which the change data was collected, a specific element name associated with the change, and element data associated with the change.

1. A method comprising:

receiving, by a server, change data associated with a change detected by a target host, wherein the target host applies one or more collection policies defining what types of change data are to be detected by the target host and provides the change data in response to detecting that one or more rules, settings, and/or parameters at the target host, defined by a respective one of the one or more collection policies, have changed, wherein the change data includes an identification of the target host, an identification of the respective one of the one or more collection policies responsible for the change data, and the one or more changed rules, settings, and/or parameters;

filtering, by the server, the received change data, wherein the filtering includes determining whether the target host specified in the change data is associated with one or more waivers specified by one or more compliance policies; and

conditional on the target host not being associated with the one or more waivers specified by the one or more compliance policies, determining, by the server, whether the one or more rules, settings, and/or parameters meet the one or more compliance policies and generating one or more test results based at least on the determining.

14. A method comprising:

monitoring a change database to detect whether any new change data has been received from target hosts;

upon detecting the new change data in the change database, notifying logic of a server of the new change data, the new change data being associated with a change captured on a target host, wherein the target host applies one or more collection policies defining what types of change data are to be detected by the target host and provides the new change data in response to detecting the change, wherein the new change data includes data identifying the target host, data identifying a respective one of the one or more collection policies responsible for the change data, and data identifying a change to a registry setting or configuration parameter at the target host;

determining, by the server, whether the change to the registry setting or configuration parameter meets one or more compliance policies;

generating, by the server, one or more test results based at least on the determining; and

10. A compliance server comprising:

a memory or storage device storing a change database for storing change data associated with a change captured on a target host, wherein the target host applies a plurality of collection policies defining what types of change data are to be detected by the target host and provides the change data in response to detecting the change, wherein the change data includes an identification of the target host, an identification of the respective one of the plurality of collection policies responsible for the change data, and one or more changed rules, settings, and/or parameters; and

a hardware processor, the hardware processor being programmed to:

receive, from the target host, the change data associated with the change captured on the target host,

filter the received change data, the filtering including determining whether the target host specified in the change data is associated with one or more waivers specified by one or more compliance policies, and

if the target host is not associated with the one or more waivers specified by the one or more compliance policies, determine whether the one or more changed rules, settings, and/or parameters meet the one or more compliance policies and generate one or more test results based at least on the determining.

23. A non-transitory storage medium storing computer-executable instructions which when executed by a computing device of a server cause the computing device to perform a method, the method comprising:

monitoring a change database to detect whether any new change data has been received from target hosts;

determining, by the server, whether the change to the registry setting or configuration parameter meets one or more compliance policies;

generating, by the server, one or more test results based at least on results of the determining; and

when the change to the registry setting or configuration parameter does not meet the one or more compliance policies, generating appropriate element data for the target host to place the target host into compliance with the one or more compliance policies, wherein the new change data includes a rule that generated the change, an identification of the target host from which the change was collected, a specific element name associated with the change, and element data associated with the change.

2. The method of claim 1, further comprising storing, by the server, the received change data in a change database.

3. The method of claim 1, wherein the change data includes a rule that generated the change, a specific element name associated with the change, and element data associated with the change.

4. The method of claim 1, wherein each of the one or more compliance policies includes a rule and an expression for evaluating element data of the change.

5. The method of claim 1, wherein the determining comprises evaluating an expression of at least one of the one or more compliance policies against element data specified in the change data.

6. The method of claim 1, wherein the generating the one or more test results comprises generating a report to an administrative user.

7. The method of claim 1, further comprising receiving or retrieving, by the server, new or updated compliance policies.

8. The method of claim 1, further comprising repeating the receiving, the filtering, and the conditional determining and generating in real time each time the target host captures an additional change.

9. The method of claim 1, wherein one or more of the one or more collection policies are periodically received from the server.

11. The compliance server of claim 10, further comprising an event listener to listen for generated events.

12. The compliance server of claim 10, wherein the one or more compliance policies ensure that the target host is in compliance with one or more standards.

13. The compliance server of claim 10, wherein the hardware processor is further programmed to evaluate an expression of at least one of the one or more compliance policies against element data specified in the change data.

15. The method of claim 14, wherein the new change data includes a rule that generated the change, a specific element name associated with the change, and element data associated with the change.

16. The method of claim 14, wherein each of the one or more compliance policies includes one or more of a rule, a change name, one or more waivers from the policy, or an expression for evaluating element data of the change.

17. The method of claim 14, further comprising receiving or retrieving, by the server, new or updated compliance policies stored remotely from the server.

18. The method of claim 14, wherein the one or more compliance policies ensure that the target host is in compliance with one or more standards.

20. The method of claim 19, wherein each compliance policy includes one or more of a rule, a change name, one or more waivers from the policy, or an expression for evaluating element data of the change.

21. The method of claim 19, further comprising receiving or retrieving, by the server, new or updated compliance policies stored remotely from the server.

22. The method of claim 19, wherein the one or more compliance policies ensure that the target host is in compliance with one or more standards.

24. The non-transitory storage medium of claim 23, wherein each compliance policy includes one or more of a rule, a change name, one or more waivers from the policy, or an expression for evaluating element data of the change.

25. The non-transitory storage medium of claim 23, further comprising receiving or retrieving, by the server, new or updated compliance policies stored remotely from the server.

26. The non-transitory storage medium of claim 23, wherein the one or more compliance policies ensure that the target host is in compliance with one or more standards.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 12/167,934, filed Jul. 3, 2008, entitled “METHOD AND APPARATUS FOR CONTINUOUS COMPLIANCE ASSESSMENT,” which is hereby incorporated by reference.

TECHNICAL FIELD

Embodiments relate to the field of compliance assessment, in particular to methods and apparatuses for performing continuous compliance assessment of target host data in response to changes on a target host.

BACKGROUND

Compliance with industry standards often requires occasional monitoring of rules, settings, and configuration parameters of computing devices. For example, one industry standard might mandate a minimum password length, and registry settings of a computing device may be monitored to determine whether minimum password lengths used by the compute device meet or exceed the industry standard. This monitoring is often initiated by a server that requests a number of client settings from a monitored computing device. Upon receiving the settings, the server may then analyze, classify, and/or store them, and issue a compliance report. If changes occur to the settings after they are reported to the server, those changes are not captured and evaluated until the next server request.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the disclosure will be described by way of exemplary embodiments, but not limitations, illustrated in the accompanying drawings in which like references denote similar elements, and in which:

FIG. 1 illustrates a system-level view of various embodiments of the disclosure;

FIG. 2 illustrates an operational overview of a change collection and analysis, in accordance with various embodiments;

FIGS. 3A-3B illustrate a flow chart view of selected operations of the methods of various embodiments; and

FIG. 4 illustrates an example computer system suitable for use to practice aspects of various embodiments.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

Illustrative embodiments include, but are not limited to, methods, systems, and articles for receiving, by a compliance server, change data associated with a change captured on a target host. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Also, in various embodiments, the compliance server may determine whether the one or more rules, settings, and/or parameters meet one or more compliance policies and generate one or more test results based at least on the results of the determining. Further, in some embodiments, the target host may detect a change to a rule, setting, or parameter based on a collection policy defining what change data is to be collected by the target host and provide data associated with the rule, setting, or parameter as change data to the compliance server.

Various aspects of the illustrative embodiments will be described using terms commonly employed by those skilled in the art to convey the substance of their work to others skilled in the art. However, it will be apparent to those skilled in the art that alternate embodiments may be practiced with only some of the described aspects. For purposes of explanation, specific numbers, materials, and configurations are set forth in order to provide a thorough understanding of the illustrative embodiments. However, it will be apparent to one skilled in the art that alternate embodiments may be practiced without the specific details. In other instances, well-known features are omitted or simplified in order not to obscure the illustrative embodiments.

Further, various operations will be described as multiple discrete operations, in turn, in a manner that is most helpful in understanding the illustrative embodiments; however, the order of description should not be construed as to imply that these operations are necessarily order dependent. In particular, these operations need not be performed in the order of presentation.

The phrase “in one embodiment” is used repeatedly. The phrase generally does not refer to the same embodiment; however, it may. The terms “comprising,” “having,” and “including” are synonymous, unless the context dictates otherwise. The phrase “A/B” means “A or B”. The phrase “A and/or B” means “(A), (B), or (A and B)”. The phrase “at least one of A, B and C” means “(A), (B), (C), (A and B), (A and C), (B and C) or (A, B and C)”. The phrase “(A) B” means “(B) or (A B)”, that is, A is optional.

FIG. 1 illustrates a system-level view of various embodiments of the disclosure. As illustrated, a target host 102 may be communicatively coupled to a compliance server 106. The compliance server 106 may determine whether rules, settings, and/or configuration parameters of the target host 102 meet one or more compliance policies 110.

In various embodiments, target host 102 may include one or more rules or collection policies 104 for use in capturing changes to data of the target host 102, such as changes to rules, settings, and/or configuration parameters. Upon detecting/capturing a change, the target host 102 may provide data associated with the change to the compliance server 106 to store in a change database 108 of the compliance server 106. Logic of the compliance server 106 may then generate an event to notify one or more event listeners of the compliance server 106 that data associated with a new change has been stored in the change database 108. The compliance server 106 may then look up all compliance policies 110 that match collection policies or rules 104 specified in the received change data. In some embodiments, the compliance server 106 may then filter the change data and determine whether one or more rules, settings, and/or parameters of the change data meet one or more compliance policies 110. The determining may include evaluating an expression of at least one of the compliance policies 110 against element data specified in the change data. In various embodiments, the compliance server 106 may then generate test results based on whether the compliance policies 110 were met. In one embodiment, the compliance server 106 may further generate a report. The report may then be provided to target host 102, and/or an administrative user of compliance server 106, or to some other system.

In various embodiments, target host 102 and compliance server 106 may be any sort of computing devices known in the art, except for collection policies 104, change database 108, compliance policies 110, and logic configured to perform the operations discussed herein. The computing devices may be personal computers (PC), workstations, servers, routers, mainframes, modular computers within blade servers or high-density servers, personal digital assistants (PDA), entertainment centers, set-top boxes, or mobile devices. An exemplary computing device is illustrated by FIG. 4, and will be described in greater detail herein. In some embodiments, compliance server 106 and target host 102 may be deployed on computing devices of the same organization. In other embodiments, compliance server 106 may belong to a separate organization, such as a compliance monitoring organization whose purpose is to monitor and ensure industry standards. Also, in one embodiment, target host 102 and compliance server 106 may be separate logical components or virtual machines of the same computing device.

In various embodiments, as mentioned above, target host 102 may have one or more collection policies or rules 104, and compliance server 106 may have a change database 108 and one or more compliance policies 110. These components and associated data and logic are also illustrated in FIG. 2 and will be described herein in greater detail herein.

In various embodiments, where target host 102 and compliance server 106 are remotely disposed from each other, they may be communicatively coupled to each other. In some embodiments, the computing devices may be coupled by a networking fabric (not illustrated). Such a networking fabric may include one or more of a local area network (LAN), a wide area network (WAN), and the Internet, as is known in the art. In one embodiment, the networking fabric may comprise a private network or a virtual private network (VPN) that may utilize tunneling. In some embodiments, where target host 102 and compliance server 106 belong to the same organization, they may be coupled by one or more private LANs or WANs of the organization.

FIG. 2 illustrates an operational overview of a change collection and analysis, in accordance with various embodiments. In various embodiments, collecting change data 202 may be accomplished by logic of the target host applying collection policies of rules to changes that are captured/detected on the target host. In some embodiments, collection policies/rules 104 may define a period at which a snapshot of the target system is be taken. In such embodiments, the period may be constant (such as every minute) or variable (such as increased or decreased frequency based on target host 102 usage). Also, the snapshot taken may be of all rules, settings, and configuration parameters on target host 102, or may be limited to a subset, such as all registry settings. In other embodiments, collection policies or rules 104 may instead define rules, settings, or configuration parameters of the target host 102 to monitor. Monitoring of these rules, settings, or configuration parameters may be accomplished through any monitoring/listening mechanism known in the art. Collection policies or rules 104 may monitor all rules, settings, or configuration parameters, or only a subset. In various embodiments, collection policies or rules 104 may be specified in any manner, such as system addresses, command lines, or other text that is interpretable by target host 102. Further, collection policies or rules 104 may be stored in any sort of file, database, or structure of target host 102. In one embodiment, collection policies or rules may be stored remotely, such as on compliance server 106, and periodically fetched by target host 102.

In various embodiments, the captured/detected change may be associated with other descriptive data to form change data 202. For example, the change data 202 for a given change may include an identification of the node or target host 102 on which the change was captured, the rule or collection policy 104 responsible for the capturing of the change, a name of the data element (such as a rule, setting, or configuration parameter) for which the change was detected, and the element data of the element for which the change was detected. In one exemplary embodiment, if the change was detected for a minimum password length setting, the change data 202 may include the name of the setting (e.g., “minPwdLength”) and the minimum password length (e.g., 10 characters).

In some embodiments, the collection policies 104 and the logic for applying them may be used to monitor a remote host. In such embodiments, the collection policies 104 and logic may be located on compliance server 106, or another device, and may be used to remotely detect changes on a target host 102.

In various embodiments, upon being generated, change data 202 may be stored in change database 108. As mentioned above, in some embodiments change database 108 may be a database of the compliance server 106. In other embodiments, change database 108 may reside on a different computing device then compliance server 106. For example, change database 108 may reside on a database server device that is communicatively coupled to compliance server 106. Further, in various embodiments, change database 108 may be any sort of database known in the art, such as a relational database, a normalized or de-normalized database, a data structure, or an unformatted file. In some embodiments, change database 108 may store all change data 202 received from target hosts. In other embodiments, change database 108 may have a data retention policy and may discard change data 202 after a specified/pre-determined duration of time.

As mentioned previously, upon new change data 202 being stored in change database 108, an event may be generated to notify logic of compliance server 106 of the arrival of the change data 202. Such logic may include one or more event listeners configured to detect events as they are generated. Upon detecting an event, the logic of compliance server 106 may look up tests/compliance policies 110 (hereinafter “compliance policies 110”) that match collection policies or rules 104 specified in the received change data 202. For example, if a collection policy 104 specified monitoring of a minimum password length, a compliance policy 110 specifying a minimum password length standard may be determined to be a match. Also, in some embodiments, compliance policies 110 may include elements specifying collection policies 104 to which they may apply. In such embodiments, determining matches may simply comprise comparing compliance policy 110 elements to collection policies 104 of change data 202 to determine if the elements specify the collection policies 104.

In various embodiments, compliance policies 110 may each comprise a number of elements. For example, a compliance policy 110 may specify a rule or collection policy 104, a change name (such as a name of the target host 102 data element for which a change was detected), one or more waivers from the compliance policy 110, and an expression for evaluating element data of the change data 202. In some embodiments, the collection policy 104 may correspond to a collection policy 104 specified in change data 202 and the change name may correspond to the element name specified in change data 202. Also, the waivers may specify whether a target host 102 identified by change data 202 is exempted from the compliance policy 110. In some embodiments, the expression may include one or more conditions that are to be applied to data elements of change data 202 to determine whether the data elements are in compliance with the policy 110. In various embodiments, compliance policies 110 may be specified in any manner, such as, for example, tables, collections of tables, lists, or other data structures. Further, compliance policies 110 may be stored in any sort of file, database, or structure of compliance server 106. In one embodiment, compliance policies 110 may be stored remotely and fetched by compliance server 106.

In some embodiments, compliance server 106 may receive or retrieve new or updated compliance policies 110, periodically or as they become available. In one embodiment, such new or updated policies may be retrieved or received from a service or a compliance standards organization that defines industry standards.

In various embodiments, logic of compliance server 106 may filter 204 change data 202 after looking up matching compliance policies 106. As illustrated in FIG. 2, filtering 204 change data 202 may include performing a number of narrowing determinations to ensure that the policies 110 are only applied to the target hosts 102 and changes to which they are intended to apply. For example, a first of these filtering operations 204 has already been mentioned: comparing a rule/collection policy 104 specified in an element of the compliance policy 110 to a rule/collection policy 104 specified in the change data. If there is a match, further filtering operations 204 may be performed. For instance, compliance server 106 may check whether the target host/node 102 is listed in a waivers list element of a compliance policy 106. Then, if the target host 102 specified in the change data is not present in the waivers list, the compliance server 106 may determine whether a change name specified in the compliance policy 110 matches an element name specified in the change data 202, such as the element name described previously. If there is a match, the compliance server 106 may then apply the compliance policy 110 to the change data.

In some embodiments, the compliance server 106 may apply a compliance policy 110 to change data 202 to determine whether the one or more rules, settings, and/or configuration parameters specified in the change data meet one or more compliance policies 110. As previously mentioned, the rules, settings, and/or configuration parameters may be specified by the element name and element data of change data 202. And as illustrated, that determining may comprise evaluating 206 an expression specified in a compliance policy 110 against element data specified in the change data 202. For example, the expression of the compliance policy may specify that all passwords must be at least 10 characters long, and the element data of change data 202 may specify that a recently changed password setting requires passwords to be at least 9 characters long. Such an evaluation may then indicate that the password setting of the target host 102 is not in compliance with compliance policy 110.

In various embodiments, the compliance server may then generate 208 a test result based on the determining/evaluating. The test result may indicate either that the rule, setting, or configuration parameter specified in change data 202 is in compliance or not in compliance with compliance policy 110. In various embodiments, the test results may then be stored in a test results database (not illustrated). In one embodiment, the test results database may be identical to the change database. In some embodiments, the compliance server 106 may then generate a report based on the test result and may store the report or provide it to the target host 102, an administrative user through a user interface of compliance server 106, and/or some other system. The report may include an indication of whether or not a given rule, setting, or parameter is in compliance and, if not in compliance, an indication of what an appropriate value or values for a compliant rule, setting, or parameter would be. In one embodiment, the compliance server 106 may provide the report to an industry standards/compliance monitoring organization.

In some embodiments, upon receiving a report indicating that a rule, setting, or parameter is not in compliance, target host 102 may take a remedial measure to place the rule, setting, or change in compliance.

FIGS. 3A-3B illustrate a flow chart view of selected operations of the methods of various embodiments. As illustrated, a compliance server may receive change data associated with a change captured on a target host, block 304, the target host providing the change data in response to detecting the change, and the change data including one or more rules, settings, and/or parameters. In some embodiments, the change data may include a rule that generated the change, the target host or node that the change data was collected from, a specific element name associated with the change, and element data associated with the change.

As is further illustrated, the compliance server may store the received change data in a change database, block 306. Also, in response to receiving the change data, the compliance server may generate an event to indicate receipt of the change data, block 308. The compliance server may then lookup all compliance policies that match collection policies or rules specified in the received change data, block 310. In various embodiments, each compliance policy may include a rule or collection policy, a change name, one or more waivers from the compliance policy, and an expression for evaluating element data of the change. Also, in some embodiments, the compliance server may receive or retrieve new or updated compliance policies, block 302, from another server, system, or storage.

In various embodiments, the compliance server may then filter the change data, blocks 312a-312c. As illustrated in FIG. 3B, the filtering may include comparing a first rule specified in the change data with a second rule specified in the one or more compliance policies, block 312a, determining whether a target host or node specified in the change data is associated with one or more waivers specified by the one or more compliance policies, block 312b, and/or comparing an element name specified in the change data with a name specified in the one or more compliance policies, block 312c.

As illustrated in FIG. 3A, the compliance server may then determine whether the one or more rules, settings, and/or parameters meet one or more compliance policies, block 314. In some embodiments, the determining may be conditionally performed based on a result of the filtering. Also, the determining may be performed in response to the generating of the event, block 308. In various embodiments, the determining may include evaluating an expression of at least one of the compliance policies against element data specified in the change data.

In some embodiments, the compliance server may then generate one or more test results based at least on the results of the determining, block 316. In such embodiments, the generating may comprise generating a report to the target host and/or an administrative user.

Also, in various embodiments, the compliance server may repeat the receiving, determining, and generating in real time each time the target host captures an additional change.

FIG. 4 illustrates an exemplary computer system suitable for use to practice aspects of various embodiments. As may be seen, computing system 400 includes a number of processors or processor cores 402, and system memory 404. For the purpose of this application, including the claims, the terms “processor” and “processor cores” may be considered synonymous, unless the context clearly requires otherwise. Additionally, computing system 400 includes mass storage devices 406 (such as diskette, hard drive, compact disc read only memory (CDROM), a disc storage device, and so forth), input/output devices 408 (such as display, keyboard, cursor control and so forth) and communication interfaces 410 (such as network interface cards, modems and so forth). The elements are coupled to each other via system bus 412, which represents one or more buses. In the case of multiple buses, they are bridged by one or more bus bridges (not illustrated).

Each of these elements performs its conventional functions known in the art. In particular, system memory 404 and mass storage 406 may be employed to store a working copy and a permanent copy of the programming instructions implementing one or more aspects of the above described teachings to practice the various embodiments, herein collectively denoted as 422. The various components may be implemented by assembler instructions supported by processor(s) 402 or high-level languages, such as, for example, C, that may be compiled into such instructions.

The permanent copy of the programming instructions may be placed into permanent storage 406 in the factory, or in the field, through, for example, a distribution medium (not illustrated), such as a compact disc (CD), or through communication interface 410 (from a distribution server (not illustrated)). That is, one or more distribution media having an implementation of the agent program may be employed to distribute the agent and program various computing devices.

The constitution of these elements 402-412 are generally known to one skilled in the art, and accordingly will not be further described.

In embodiments of the present invention, an article of manufacture (not illustrated) may be employed to implement one or more methods as disclosed herein. For example, in exemplary embodiments, an article of manufacture may comprise a storage medium and a plurality of programming instructions stored on the storage medium and configured to program a target host to detect a change to a rule, setting, or parameter based on a collection policy defining what change data is to be collected by the target host, and provide data associated with the rule, setting, or parameter as change data to a compliance server. The compliance server may determine whether the rule, setting, or parameter meet one or more compliance policies. In other exemplary embodiments, the plurality of programming instructions may be configured to program a compliance server to receive data associated with a change captured on a target host, the target host providing the data in response to detecting the change, and the data including one or more rules, settings, and/or parameters. The instructions may further be configured to determine whether the one or more rules, settings, and/or parameters meet one or more compliance policies, and to generate one or more test results based at least on the results of the determining.

Although specific embodiments have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that a wide variety of alternate and/or equivalent implementations may be substituted for the specific embodiments illustrated and described, without departing from the scope of the embodiments. This application is intended to cover any adaptations or variations of the embodiments discussed herein. Therefore, it is manifestly intended that the embodiments be limited only by the claims and the equivalents thereof.

INVENTORS:

DiFalco, Robert

THIS PATENT IS REFERENCED BY THESE PATENTS:

Patent	Priority	Assignee	Title
10432672,	Oct 27 2015	AirWatch LLC	Detection of offline attempts to circumvent security policies
10454963,	Jul 31 2015	Tripwire, Inc.; TRIPWIRE, INC	Historical exploit and vulnerability detection
11070516,	Mar 08 2018	SEMPERIS	Directory service state manager
11487705,	Jul 03 2008	Tripwire, Inc.	Method and apparatus for continuous compliance assessment

THIS PATENT REFERENCES THESE PATENTS:

Patent	Priority	Assignee	Title
5063523,	Nov 16 1989	RACAL-DATACOM, INC	Network management system with event rule handling
5542047,	Apr 23 1991	Texas Instruments Incorporated	Distributed network monitoring system for monitoring node and link status
5655081,	Mar 08 1995	BMC SOFTWARE, INC	System for monitoring and managing computer resources and applications across a distributed computing environment using an intelligent autonomous agent architecture
5745669,	Oct 21 1993	SAMSUNG ELECTRONICS CO , LTD	System and method for recovering PC configurations
5764913,	Apr 05 1996	Microsoft Technology Licensing, LLC	Computer network status monitoring system
5778184,	Jun 28 1996	Verizon Patent and Licensing Inc	System method and computer program product for processing faults in a hierarchial network
5845062,	Jun 25 1996	Verizon Patent and Licensing Inc	System and method for monitoring network elements organized in data communication channel groups with craft interface ports
5878408,	Dec 06 1996	International Business Machines Corporation	Data management system and process
5913036,	Jun 28 1996	Verizon Patent and Licensing Inc	Raw performance monitoring correlated problem alert signals
5913037,	Jul 03 1996	Hewlett Packard Enterprise Development LP	Dynamic management information base manager
5933838,	Mar 10 1997	Microsoft Technology Licensing, LLC	Database computer system with application recovery and recovery log sequence numbers to optimize recovery
5963959,	May 30 1997	ORACLE INTERNATIONAL CORPORATION OIC	Fast refresh of snapshots
6041347,	Oct 24 1997	Unified Access Communications	Computer system and computer-implemented process for simultaneous configuration and monitoring of a computer network
6052722,	Mar 07 1997	Verizon Patent and Licensing Inc	System and method for managing network resources using distributed intelligence and state management
6064656,	Oct 31 1997	Oracle America, Inc	Distributed system and method for controlling access control to network resources
6070244,	Nov 10 1997	JPMORGAN CHASE BANK, N A	Computer network security management system
6072777,	Jun 28 1996	Verizon Patent and Licensing Inc	System and method for unreported root cause analysis
6122639,	Dec 23 1997	Cisco Technology, Inc	Network device information collection and change detection
6122664,	Jun 27 1996	EVIDAN	Process for monitoring a plurality of object types of a plurality of nodes from a management node in a data processing system by distributing configured agents
6125390,	Apr 05 1994	Intel Corporation	Method and apparatus for monitoring and controlling in a network
6144993,	Nov 29 1996	PANASONIC ELECTRIC WORKS CO , LTD	Building automation system using common platform program and common function package for controlling facility loads and monitoring terminals
6195689,	May 05 1999	COMCAST MO GROUP, INC	Headend provisioning agent
6222827,	Dec 28 1995	Nokia Technologies Oy	Telecommunications network management system
6253339,	Oct 28 1998	Telefonaktiebolaget LM Ericsson (publ)	Alarm correlation in a large communications network
6272537,	Nov 17 1997	Fujitsu Limited	Method for building element manager for a computer network element using a visual element manager builder process
6341287,	Dec 18 1998	Applications in Internet Time, LLC	Integrated change management unit
6356885,	Jul 15 1997	CIENA LUXEMBOURG S A R L ; Ciena Corporation	Network model for alarm correlation
6393386,	Mar 26 1998	VISUAL NETWORKS OPERATIONS, INC	Dynamic modeling of complex networks and prediction of impacts of faults therein
6393474,	Dec 31 1998	HEWLETT-PACKARD DEVELOPMENT COMPANY, L P	Dynamic policy management apparatus and method using active network devices
6493755,	Jan 15 1999	HEWLETT-PACKARD DEVELOPMENT COMPANY, L P	Automatic notification rule definition for a network management system
6535512,	Mar 07 1996	AVAGO TECHNOLOGIES GENERAL IP SINGAPORE PTE LTD	ATM communication system interconnect/termination unit
6647400,	Aug 30 1999	Symantec Corporation	System and method for analyzing filesystems to detect intrusions
6658568,	Feb 13 1995	Intertrust Technologies Corporation	Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management
6664978,	Nov 17 1997	Fujitsu Limited	Client-server computer network management architecture
6701345,	Apr 13 2000	Accenture Global Services Limited	Providing a notification when a plurality of users are altering similar data in a health care solution environment
6742114,	Feb 18 1999	Apple Inc	Deputization in a distributed computing system
6751661,	Jun 22 2000	VELOXITI, INC	Method and system for providing intelligent network management
6853987,	Oct 27 1999	Kioba Processing, LLC	Centralized authorization and fraud-prevention system for network-based transactions
6886047,	Nov 13 1998	JPMORGAN CHASE BANK, N A	System and method for managing information retrievals for integrated digital and analog archives on a global basis
6895414,	Feb 15 2001	AT&T Properties, LLC; AT&T INTELLECTUAL PROPERTY II, L P	Method and apparatus for authorizing and reporting changes to device configurations
6957227,	Mar 10 1999	ACCEL-KKR CREDIT PARTNERS SPV, LLC	Automated data integrity auditing system
6983317,	Feb 28 2000	Microsoft Technology Licensing, LLC	Enterprise management system
7016888,	Jun 18 2002	Apple Inc	Learning device interaction rules
7035877,	Dec 28 2001	Binforma Group Limited Liability Company	Quality management and intelligent manufacturing with labels and smart tags in event-based product manufacturing
7039698,	Jun 18 2002	KNAPP INVESTMENT COMPANY LIMITED	Notification device interaction
7051050,	Mar 19 2002	Network Appliance, Inc	System and method for restoring a single file from a snapshot
7058861,	Dec 31 2002	Sprint Communications Company LLP	Network model audit and reconciliation using state analysis
7065767,	Jun 29 2001	Intel Corporation	Managed hosting server auditing and change tracking
7080037,	Sep 28 1999	Kioba Processing, LLC	Portable electronic authorization system and method
7082554,	Jan 24 2002	WSOU INVESTMENTS LLC	System and method for providing error analysis and correlation in a network element
7158985,	Apr 09 2003	Cisco Technology, Inc.	Method and apparatus for efficient propagation of large datasets under failure conditions
7159036,	Dec 10 2001	JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT	Updating data from a source computer to groups of destination computers
7228460,	Jan 23 2004	VALTRUS INNOVATIONS LIMITED	Multi-state status reporting for high-availability cluster nodes
7243348,	Sep 19 2002	ORIX VENTURE FINANCE LLC	Computing apparatus with automatic integrity reference generation and maintenance
7290164,	Mar 03 2004	Cisco Systems, Inc	Method of reverting to a recovery configuration in response to device faults
7316016,	Jul 03 2002	ORIX VENTURE FINANCE LLC	Homogeneous monitoring of heterogeneous nodes
7317693,	May 12 2003	Cisco Technology, Inc	Systems and methods for determining the network topology of a network
7360099,	Sep 19 2002	ORIX VENTURE FINANCE LLC	Computing environment and apparatuses with integrity based fail over
7474425,	Mar 05 2003	Kabushiki Kaisha Toshiba; Toshiba Tec Kabushiki Kaisha	Printing system, printing apparatus, printing server and printing method utilizing wireless communication
7529197,	Jun 29 2001	Microsoft Technology Licensing, LLC	System and method for continuously provisioning a mobile device
7587754,	Dec 24 2002	ORIX VENTURE FINANCE LLC	Environment integrity assured transactions
7590669,	Apr 06 2004	Microsoft Technology Licensing, LLC	Managing client configuration data
7603440,	Nov 09 2001	UTOPIC SOFTWARE, LLC	System and method for management of end user computing devices
7620715,	Jun 29 2005	Tripwire, Inc.	Change event correlation
7636736,	Sep 21 2005	Veritas Technologies LLC	Method and apparatus for creating and using a policy-based access/change log
7765460,	Jun 29 2005	Tripwire, Inc.	Out-of-band change detection
7822724,	Jul 03 2002	Tripwire, Inc.	Change audit method, apparatus and system
8090677,	Mar 18 2005	Microsoft Technology Licensing, LLC	Method and system for altering the configuration of a data warehouse
8140635,	Mar 31 2005	Tripwire, Inc.; TRIPWIRE, INC	Data processing environment change management methods and apparatuses
8176158,	Aug 09 2005	TRIPWIRE, INC	Information technology governance and controls methods and apparatuses
8443445,	Mar 31 2006	EMC IP HOLDING COMPANY LLC	Risk-aware scanning of objects
8914341,	Jul 03 2008	TRIPWIRE, INC	Method and apparatus for continuous compliance assessment
9209996,	Mar 31 2005	Tripwire, Inc.	Data processing environment change management methods and apparatuses
9256841,	Aug 09 2005	Tripwire, Inc.	Information technology governance and controls methods and apparatuses
20010044840,
20010052010,
20020026339,
20020035561,
20020069274,
20020116363,
20020176378,
20020188711,
20030005109,
20030008662,
20030101341,
20030110280,
20030149756,
20030172151,
20030197743,
20030202201,
20030204517,
20030217134,
20030233431,
20040006614,
20040024843,
20040059770,
20040059930,
20040060046,
20040068562,
20040122962,
20040123133,
20040153875,
20040186903,
20040205182,
20040243600,
20040252693,
20040254927,
20040260803,
20050005169,
20050015622,
20050043961,
20050096949,
20050097199,
20050120101,
20050149578,
20050165790,
20050165954,
20050177600,
20050207553,
20050256787,
20050278191,
20050278453,
20060025985,
20060031529,
20060036560,
20060080656,
20060085403,
20060143685,
20060149704,
20060195905,
20060212477,
20060224663,
20060242277,
20060248084,
20060277080,
20070005320,
20070005740,
20070022365,
20070028303,
20070043674,
20070043786,
20070124255,
20070214193,
20080082374,
20080104217,
20080126377,
20080229262,
20090171732,
20090183236,
20090204701,
20100005107,
20110137905,
20110138038,
20110138039,
20110197094,
20110197189,
20110197205,
20120023076,

ASSIGNMENT RECORDS Assignment records on the USPTO

////

Executed on	Assignor	Assignee	Conveyance	Frame	Reel	Doc
Aug 04 2008	DIFALCO, ROBERT A	TRIPWIRE, INC	ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS	034788	0725	pdf
Dec 15 2014		Tripwire, Inc.	(assignment on the face of the patent)
Jun 03 2022	TRIPWIRE, INC	JEFFERIES FINANCE LLC, AS COLLATERAL AGENT	FIRST LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT	060306	0365	pdf
Jun 03 2022	TRIPWIRE, INC	GOLUB CAPITAL MARKETS LLC, AS COLLATERAL AGENT	SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT	060306	0649	pdf

MAINTENANCE FEES AND DATES: Maintenance records on the USPTO

Date	Maintenance Fee Events
Dec 22 2021	M1551: Payment of Maintenance Fee, 4th Year, Large Entity.

Date	Maintenance Schedule
Jul 03 2021	4 years fee payment window open
Jan 03 2022	6 months grace period start (w surcharge)
Jul 03 2022	patent expiry (for year 4)
Jul 03 2024	2 years to revive unintentionally abandoned end. (for year 4)
Jul 03 2025	8 years fee payment window open
Jan 03 2026	6 months grace period start (w surcharge)
Jul 03 2026	patent expiry (for year 8)
Jul 03 2028	2 years to revive unintentionally abandoned end. (for year 8)
Jul 03 2029	12 years fee payment window open
Jan 03 2030	6 months grace period start (w surcharge)
Jul 03 2030	patent expiry (for year 12)
Jul 03 2032	2 years to revive unintentionally abandoned end. (for year 12)